Incident Response Plan

Submitted By xhros
Words 1935
Pages 8
Information security is always at risk from attacks by both external and internal sources, both malicious and naïve. Any information located on a computer, especially one that is used by a human being, is not one hundred percent secure from malicious activity. A computer with a person using it is more likely to be at risk of infection with viruses, Trojans, and malicious software. This is because an employee may be unaware that his poker-playing website contains malicious software that is currently being downloaded onto his work computer. This is where an incident response plan comes into play, in case something like this comes along.

The intentions of an incident response plan are to mitigate the damage caused by misappropriation or mistreatment of a corporation's workstations or system assets and to thwart the forfeiture of or impairment to electronic communication assets (UC-Davis, 2001). There are many reasons for using an incident response plan. Attacks can be handled more efficiently, so the loss or damage is reduced. This builds confidence with shareholders and cuts losses to the company's bottom line, or profit. Information on current standards, hardware, software, and procedures is enhanced. Since there is a current plan in place, the only thing that can happen is that improvements are made to the flow of the steps taken by the incident response team. This will reduce the chaos of responding, and everything will run more smoothly, boosting employee morale and confidence. Incidents are noted and used for future reference in order to increase employee knowledge and reduce the risk of repeating the same mistakes (UCISA, n.d.).

If a stable team is formed to handle the incident response plan, other benefits are also noticed. Regardless of the technical knowledge individuals on the team may have at the
